
frameworks/base


Commit MetaInfo

Revision: 598188b4602bdb4f091d61b190d056842c3e5efc (tree)
Date: 2019-11-06 04:02:47
Author: Jeff Sharkey <jsharkey@andr...>
Committer: Vasyl Gello

Log Message

RESTRICT AUTOMERGE Enable stricter SQLiteQueryBuilder options.

Malicious callers can leak side-channel information by using
subqueries in any untrusted inputs where SQLite allows "expr" values.

This change starts using setStrictColumns() and setStrictGrammar()
on SQLiteQueryBuilder to block this class of attacks. This means we
now need to define the projection mapping of valid columns, which
consists of both the columns defined in the public API and columns
read internally by DownloadInfo.Reader.

We're okay growing sAppReadableColumnsSet like this, since we're
relying on our trusted WHERE clause to filter away any rows that
don't belong to the calling UID.

Remove the legacy Lexer code, since we're now internally relying on
the robust and well-tested SQLiteTokenizer logic.

Bug: 135270103
Bug: 135269143
Test: atest DownloadProviderTests
Test: atest CtsAppTestCases:android.app.cts.DownloadManagerTest
Change-Id: Iec1e8ce18dc4a9564318e0473d9d3863c8c2988a
(cherry picked from commit 382d5c0c199f3743514e024d2fd921248f7b14b3)
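The hardening the commit message describes, a trusted WHERE clause plus setStrictColumns() and setStrictGrammar() over an explicit projection map, in the shape a content provider's query path takes. This is an added illustration, not code from this commit or from DownloadProvider: the class name, the `downloads` table, the `uid` and `_data` columns and the handful of map entries are assumptions chosen for the example, and the snippet needs an Android runtime to execute.

```java
import android.database.Cursor;
import android.database.sqlite.SQLiteDatabase;
import android.database.sqlite.SQLiteQueryBuilder;
import android.os.Binder;
import java.util.HashMap;
import java.util.Map;

/** Illustrative query path of a hypothetical provider (assumed schema). */
public final class StrictDownloadQuery {

    // Public column name -> underlying expression. Every name a caller may
    // request (in the projection or in ORDER BY) must appear here; with strict
    // columns enabled anything else is rejected before SQLite sees it.
    private static final Map<String, String> PROJECTION_MAP = new HashMap<>();
    static {
        PROJECTION_MAP.put("_id", "_id");
        PROJECTION_MAP.put("local_filename", "_data AS local_filename");
        PROJECTION_MAP.put("status", "status");
        PROJECTION_MAP.put("title", "title");
        // Computed placeholder column, filled in later by a cursor wrapper;
        // the map is where such aliases live once the column list only
        // carries public names.
        PROJECTION_MAP.put("local_uri", "'placeholder' AS local_uri");
    }

    private StrictDownloadQuery() {}

    public static Cursor query(SQLiteDatabase db, String[] projection,
            String selection, String[] selectionArgs, String sortOrder) {
        SQLiteQueryBuilder qb = new SQLiteQueryBuilder();
        qb.setTables("downloads");
        qb.setProjectionMap(PROJECTION_MAP);

        // setStrict(true) wraps the caller's selection in its own subquery so
        // it cannot escape or neutralise the trusted WHERE clause below.
        qb.setStrict(true);
        // Reject projection and sort columns that are not in the map; an
        // untrusted "(SELECT ...)" in the projection throws
        // IllegalArgumentException instead of reaching the database.
        qb.setStrictColumns(true);
        // Restrict selection, GROUP BY, HAVING, sort and limit text to a small
        // grammar of columns, literals and simple operators; sub-selects in
        // those "expr" slots are rejected.
        qb.setStrictGrammar(true);

        // Trusted, provider-controlled row filter: only the caller's own rows
        // are ever visible, whatever the caller's selection asks for.
        qb.appendWhere("uid = " + Binder.getCallingUid());

        return qb.query(db, projection, selection, selectionArgs,
                null /* groupBy */, null /* having */, sortOrder);
    }
}
```

The three settings are complementary: the projection map plus strict columns bounds what can be read, strict grammar bounds what the caller's selection text may contain, and the appended WHERE clause bounds which rows are considered at all, so a caller who only controls the `selection` and `projection` arguments cannot turn either into a side channel on other users' rows.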

Change Summary

Modification

--- a/core/java/android/app/DownloadManager.java
+++ b/core/java/android/app/DownloadManager.java
@@ -128,6 +128,9 @@ public class DownloadManager {
128128 */
129129 public final static String COLUMN_STATUS = Downloads.Impl.COLUMN_STATUS;
130130
131+ /** {@hide} */
132+ public static final String COLUMN_FILE_NAME_HINT = Downloads.Impl.COLUMN_FILE_NAME_HINT;
133+
131134 /**
132135 * Provides more detail on the status of the download. Its meaning depends on the value of
133136 * {@link #COLUMN_STATUS}.
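Review bot: the new `COLUMN_FILE_NAME_HINT` constant carries only `/** {@hide} */` and nothing says why a hidden column is now surfaced on the public `DownloadManager` class. Since the strict projection map must name every column the internal reader needs, add a sentence to the comment stating that the constant exists so `UNDERLYING_COLUMNS` can refer to the column by its public name, otherwise the next reader will take it for a leftover and remove it.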
@@ -165,6 +168,9 @@ public class DownloadManager {
165168 */
166169 public static final String COLUMN_MEDIAPROVIDER_URI = Downloads.Impl.COLUMN_MEDIAPROVIDER_URI;
167170
171+ /** {@hide} */
172+ public static final String COLUMN_DESTINATION = Downloads.Impl.COLUMN_DESTINATION;
173+
168174 /**
169175 * @hide
170176 */
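Review bot: the hidden-member comment style is inconsistent within this hunk. The new `COLUMN_DESTINATION` uses the inline `/** {@hide} */` form, while the unchanged context three lines below documents a hidden member with the multi-line `/** * @hide */` block; pick the file's existing form so the two hidden columns read the same way.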
@@ -333,26 +339,22 @@ public class DownloadManager {
333339 * @hide
334340 */
335341 public static final String[] UNDERLYING_COLUMNS = new String[] {
336- Downloads.Impl._ID,
337- Downloads.Impl._DATA + " AS " + COLUMN_LOCAL_FILENAME,
338- Downloads.Impl.COLUMN_MEDIAPROVIDER_URI,
339- Downloads.Impl.COLUMN_DESTINATION,
340- Downloads.Impl.COLUMN_TITLE,
341- Downloads.Impl.COLUMN_DESCRIPTION,
342- Downloads.Impl.COLUMN_URI,
343- Downloads.Impl.COLUMN_STATUS,
344- Downloads.Impl.COLUMN_FILE_NAME_HINT,
345- Downloads.Impl.COLUMN_MIME_TYPE + " AS " + COLUMN_MEDIA_TYPE,
346- Downloads.Impl.COLUMN_TOTAL_BYTES + " AS " + COLUMN_TOTAL_SIZE_BYTES,
347- Downloads.Impl.COLUMN_LAST_MODIFICATION + " AS " + COLUMN_LAST_MODIFIED_TIMESTAMP,
348- Downloads.Impl.COLUMN_CURRENT_BYTES + " AS " + COLUMN_BYTES_DOWNLOADED_SO_FAR,
349- Downloads.Impl.COLUMN_ALLOW_WRITE,
350- /* add the following 'computed' columns to the cursor.
351- * they are not 'returned' by the database, but their inclusion
352- * eliminates need to have lot of methods in CursorTranslator
353- */
354- "'placeholder' AS " + COLUMN_LOCAL_URI,
355- "'placeholder' AS " + COLUMN_REASON
342+ DownloadManager.COLUMN_ID,
343+ DownloadManager.COLUMN_LOCAL_FILENAME,
344+ DownloadManager.COLUMN_MEDIAPROVIDER_URI,
345+ DownloadManager.COLUMN_DESTINATION,
346+ DownloadManager.COLUMN_TITLE,
347+ DownloadManager.COLUMN_DESCRIPTION,
348+ DownloadManager.COLUMN_URI,
349+ DownloadManager.COLUMN_STATUS,
350+ DownloadManager.COLUMN_FILE_NAME_HINT,
351+ DownloadManager.COLUMN_MEDIA_TYPE,
352+ DownloadManager.COLUMN_TOTAL_SIZE_BYTES,
353+ DownloadManager.COLUMN_LAST_MODIFIED_TIMESTAMP,
354+ DownloadManager.COLUMN_BYTES_DOWNLOADED_SO_FAR,
355+ DownloadManager.COLUMN_ALLOW_WRITE,
356+ DownloadManager.COLUMN_LOCAL_URI,
357+ DownloadManager.COLUMN_REASON
356358 };
357359
358360 /**
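Review bot: this hunk drops every `AS` alias (`_DATA AS local_filename`, `COLUMN_MIME_TYPE AS media_type`, `'placeholder' AS local_uri`, and so on) and lists only public column names, so the query is now correct only if the provider's projection map has an entry for each of the sixteen names in the new array. That map is not part of this diff, so please confirm it covers all of them, including the two computed placeholder columns `COLUMN_LOCAL_URI` and `COLUMN_REASON`, because with strict columns enabled any name missing from the map makes the query fail rather than return a partial cursor. Also, the removed block comment was the only place recording that those two columns are placeholders filled in by `CursorTranslator`; keep a one-line version of it above the last two entries.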